rpm package
suse/python-doc&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/python-doc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2013-1753 | — | | | < 2.7.9-14.3 | 2.7.9-14.3 | Mar 11, 2020 | The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request. |
| CVE-2014-4650 | — | | | < 2.7.9-14.3 | 2.7.9-14.3 | Feb 20, 2020 | The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character |
| CVE-2014-7185 | — | | | < 2.7.9-14.3 | 2.7.9-14.3 | Oct 8, 2014 | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. |